-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
debuginfod is ignored if an agent uploads a stripped binary #5465
Comments
Strange! Which version of Parca is this? What Parca should do is reject the upload in the first place if it can find debuginfos in a debuginfod server. |
This was the latest |
I think it might be related to debuginfod not being available. Still, it doesn't seem very productive to upload stripped binaries. |
Specifically, debuginfod.elfutils.org does not like many requests at once:
They seem to straight up ban the client IP:
My laptop is on the same /64 prefix and it can reach it just fine. The machine above also recovers after some time, but it gets banned very easily with 32 concurrent requests:
@fche, is this sort of behavior expected? |
Several public debuginfod servers apply some throttling self-defense measures against IP addresses that use them too heavily. Many concurrent connections from the same IP address is just such a trigger. I'll nudge up the limits of this server. If you are a heavy user of these services, please consider installing a local caching proxy. |
For example, in the last 8 hours, this server has received about 7000 duplicate queries for nonexistent build-ids from the same IP address, just seconds apart. A properly functioning debuginfod client would cache the negative hits, but this one does not. 172.203.153.37 - - [02/Feb/2025:16:46:32 +0000] debuginfod.elfutils.org "GET /buildid/69fd2f79f443d687ee083f218f57a8947836b95d/debuginfo HTTP/1.1" 404 9 "-" "parca.dev/debuginfod-client/0.21.0" (-%) 875us - |
@fche a local caching proxy does not help with the initial deluge of requests when debuginfod is requested for everything installed. Would you consider putting Cloudflare in front (via open-source sponsorships) to absorb the shocks and to do both positive and negative caching? With a proper tiered setup you shouldn't get more than ~one request for anything, no matter how well behaving the clients are. |
How about this: If some other organization wishes to arrange for and oversee a public-interest CDN for debuginfod services, I'd be glad to add it to our published list of servers. |
@fche, I started an internal RFC. I'll let you know when it has some progress (over email). |
A couple of clarifying statements since v0.22.0 Parca has had:
If Cloudflare could help with a cache that would be super helpful either way though especially because there is little we can do about our users not upgrading! |
The reason this happens at this point is that the agent tries to at least find some symbols to upload. At the point where it does that it has already exhausted all other possibilities and it's the only thing left that might offer non-zero chances at symbolizing. |
Here's
systemd
on Debian Trixie showing some unresolved symbols:We can find the corresponding buildid:
It is stripped, so it's not very useful:
Metadata points at the file being uploaded by an agent:
We can consult
debuginfod
and it will happily fetch us the proper debug info:That is not stripped:
It would be good for Parca to check debuginfod servers if debuginfo is present, but incomplete, like in this case.
The text was updated successfully, but these errors were encountered: